Simplify your stack and build anything. Or everything.

Content Management System

Create with a minimal, powerful editing experience. Extend effortlessly.

Enterprise App Builder

Build sophisticated enterprise tools while reducing development costs.

Headless E-commerce

Manage all your content, alongside your products, in a single, powerful editing experience.

Digital Asset Management

Ensure brand consistency by seamlessly managing digital assets within your CMS.

Build tomorrow’s web with a modern solution you truly own.

For Marketing Teams

Advanced features like Visual Editing and Live Preview are giving a head back to the headless CMS.

Learn how Payload delivers for software consultancies with a content framework that can build anything.

Built with React & TypeScript, depart restrictive “no-code” options and write code you’re proud of.

Code-based nature means you can build on top of it to power anything.

Resources

Documentation Examples Templates GitHub Blog

Community

Roadmap Discord Community Help

Payload Cloud

Deploy your entire stack in one place with Payload Cloud.

Login Cloud Pricing

It’s time to take back your content infrastructure.

Schedule a Demo

Enterprise Features

SSO Publishing Workflows Visual Editor Static A/B testing AI features

Customer Stories

Microsoft Blue Origin Hello Bello Mythical Society Tekton

Featured Customer Story

Microsoft chose Payload to tell the world about AI.

Read the case study

New project Login

New project Login

Example skip rate limit middleware?

ericpughlast year

4

Hello. I'm trying to skip the API rate limits for requests made by an authenticated user with a particular role. The docs mention a "skip" Express middleware function that can be used, but I'm not sure how to get the user from the request object. Is there an example somewhere using the "skip" property?

I couldn't figure this out. I ended up with a somewhat dumb solution passing a secret as a header

  rateLimit: {
    trustProxy: true,
    skip: ({ headers }) => {
      return typeof headers['x-api-key'] !== undefined && headers['x-api-key'] === process.env.PAYLOAD_ADMIN_API_KEY;

    }
  },

notchrlast year
@ericpugh I believe that the user should be available on the req object in express (as long as payload.authenticate() is called)
```
    skip: (request, response) => {
          console.log(request.user)
          return false // no requests skipped by default
        }
```
Actually, not sure you need
payload.authenticate()
before this, but IIRC that tells express to check the session

Continue the discussion in Discord

Star

Chat on Discord

Discord

online

Can't find what you're looking for?

Get help straight from the Payload team with an Enterprise License.